by raincole
61 days ago
It never ceases to scare me how they just run python code I didn't write via:

> python <<'EOF'
> ${code the agent wrote on the spot}
> EOF

I mean, yeah, in theory it's just as dangerous as running arbitrary shell commands, which the agent is already doing anyway, but still...
By default these shell commands don't have network access or write access outside the project directory which is good, but nowhere near customizable enough. Once you approve a command because it needs network access, its other restrictions are lifted too. It's all or nothing.